%% bare_conf.tex
%% V1.3
%% 2007/01/11
%% by Michael Shell
%% See:
%% http://www.michaelshell.org/
%% for current contact information.
%%
%% This is a skeleton file demonstrating the use of IEEEtran.cls
%% (requires IEEEtran.cls version 1.7 or later) with an IEEE conference paper.
%%
%% Support sites:
%% http://www.michaelshell.org/tex/ieeetran/
%% http://www.ctan.org/tex-archive/macros/latex/contrib/IEEEtran/
%% and
%% http://www.ieee.org/

%%*************************************************************************
%% Legal Notice:
%% This code is offered as-is without any warranty either expressed or
%% implied; without even the implied warranty of MERCHANTABILITY or
%% FITNESS FOR A PARTICULAR PURPOSE! 
%% User assumes all risk.
%% In no event shall IEEE or any contributor to this code be liable for
%% any damages or losses, including, but not limited to, incidental,
%% consequential, or any other damages, resulting from the use or misuse
%% of any information contained here.
%%
%% All comments are the opinions of their respective authors and are not
%% necessarily endorsed by the IEEE.
%%
%% This work is distributed under the LaTeX Project Public License (LPPL)
%% ( http://www.latex-project.org/ ) version 1.3, and may be freely used,
%% distributed and modified. A copy of the LPPL, version 1.3, is included
%% in the base LaTeX documentation of all distributions of LaTeX released
%% 2003/12/01 or later.
%% Retain all contribution notices and credits.
%% ** Modified files should be clearly indicated as such, including  **
%% ** renaming them and changing author support contact information. **
%%
%% File list of work: IEEEtran.cls, IEEEtran_HOWTO.pdf, bare_adv.tex,
%%                    bare_conf.tex, bare_jrnl.tex, bare_jrnl_compsoc.tex
%%*************************************************************************

\documentclass[12pt, conference, compsocconf]{IEEEtran}
% Add the compsocconf option for Computer Society conferences.

% some of packages are not working in my computer.
% pdf -> eps files in figures
% remove tables in my format. please recover it in your folder. (e.g, Table I)
% bib
% decompose to multiple files 
\usepackage{ifpdf}
\usepackage{algorithmic}
\usepackage{subfloat}
\usepackage{algorithm}
\usepackage{textcomp}
\usepackage{listings}
\usepackage{amssymb}
\usepackage{graphicx}
\pagenumbering{roman}
\usepackage[table]{xcolor}	%%%%xcoloer install
\usepackage[font=footnotesize]{subfig} %%%% subfig install
\usepackage[cmex10]{amsmath}
\usepackage[utf8]{inputenc}
\usepackage[T1]{fontenc}

% correct bad hyphenation here
%\hyphenation{op-tical net-works semi-conduc-tor}
\begin{document}
\pagestyle{plain} % No headers, just page numbers
\pagenumbering{arabic} % Roman numerals
\setcounter{page}{1}
\title{Automating PEPs localization by mutation testing}
\author{
Tejeddine Mouelhi, Donia El Kateb, Yves Le Traon\\
University of Luxembourg\\
 \{tejeddine.mouelhi, donia.elkateb, yves.letraon\}@uni.lu\\\\
}
\maketitle



\begin{abstract}
Many existing applications do not comply with design constraints related to modularization. For such applications, 
security concerns would be scattered across a software's implementation, this fact makes their maintenance, arising from new 
requirements, a difficult task. 

In this work, we consider this application's category and we propose to locate all explicit security mechanisms for a given 
java application, to ease the update process of security mechanisms at software maintenance level from one side and to have 
specific targets for security testing, on the other side. 

To put our approach into practice, we considered 3 different systems, regulated by 
access control policies. For these systems, Policy Enforcement Points (PEPs), represent the explicit security mechanisms, which are 
triggered once a service, whose execution is regulated under an access control policy, is invoked.

We have implemented security tests that cover all the rules in an access control policy, and we have used mutation testing 
on access control polices, to release changes in the paths of tests execution. A comparative trace analysis performed on tests execution considering 
a policy with mutated rules and an intact policy enables to locate all the PEPs in the 3 systems.
\end{abstract}



\begin{IEEEkeywords}
Security policy, access control, mutation testing, PEPs, trace analysis...
\end{IEEEkeywords}
% For peer review papers, you can put extra information on the cover
% page as needed:
% \ifCLASSOPTIONpeerreview
% \begin{center} \bfseries EDICS Category: 3-BBND \end{center}
% \fi
%
% For peerreview papers, this IEEEtran command inserts a page break and
% creates the second title. It will be ignored for other modes.

\input{intro}
\input{background}
\input{approach}
\input{related}
\input{conclusion}



% trigger a \newpage just before the given reference
% number - used to balance the columns on the last page
% adjust value as needed - may need to be readjusted if
% the document is modified later
%\IEEEtriggeratref{8}
% The "triggered" command can be changed if desired:
%\IEEEtriggercmd{\enlargethispage{-5in}}

% references section

% can use a bibliography generated by BibTeX as a .bbl file
% BibTeX documentation can be easily obtained at:
% http://www.ctan.org/tex-archive/biblio/bibtex/contrib/doc/
% The IEEEtran BibTeX style support page is at:
% http://www.michaelshell.org/tex/ieeetran/bibtex/
\bibliographystyle{IEEEtran}




%
% <OR> manually copy in the resultant .bbl file
% set second argument of \begin to the number of references
% (used to reserve space for the reference number labels box)
%\begin{thebibliography}{1}
%
%\bibitem{IEEEhowto:kopka}
%H.~Kopka and P.~W. Daly, \emph{A Guide to \LaTeX}, 3rd~ed.\hskip 1em plus
%  0.5em minus 0.4em\relax Harlow, England: Addison-Wesley, 1999.
%
%\end{thebibliography}


\begin{thebibliography}{1}
\bibitem{mutation} Tejeddine Mouelhi, Yves Le Traon, Benoit Baudry: Transforming and Selecting Functional Test Cases for Security Policy Testing. ICST 2009: 171-180.
\bibitem{offutt}  R. A. DeMillo, R. J. Lipton, and F. G. Sayward. Hints on test data selection: Help for the practicing



\end{thebibliography}
\end{document}


